Conference Paper

Defense for Selective Attacks in the IoT with a Distributed Trust Management Scheme


Abstract

In the Internet of Things (IoT), smart objects are able to provide or require specific services. The goal of this work is to identify malicious behavior of nodes performing selective attacks. In this type of attack, the nodes selectively decide what kind of service they will provide to the network, in order to save resources. We use a trust management model to detect such behavior. We perform network simulations using Contiki-OS to analyze the performance of the trust model. The simulation results show a good performance against nodes executing selective attacks.

Keywords: Internet of Things; trust management; selective attacks; security.


... Trust management model (Mendoza and Kleinschmidt, 2016) is proposed which targets those malicious nodes which are used for performing some selective attacks by attackers. In these selective attacks, the node gives some predetermined services which require low computation or other resources only to other nodes and saves its resources. ...
... No mechanism of privacy is given, the trust of a new node cannot be identified. (Mendoza and Kleinschmidt, 2016) Targets malicious nodes used for selective attacks using predefined services. ...
... The techniques used in (Ben Saied et al., 2013) and (Mendoza and Kleinschmidt, 2015) only addressed one trust parameter, making the model insecure. Some other techniques like (Attack-Resistant Trust Management Model), (Asiri and Miri, 2016), (Mendoza and Kleinschmidt, 2016), (Wang et al., 2017), (Kim and Keum, 2017) and (Zandberg et al., 2019) and (Zhang and Wu, 2020) addressed two or maximum three trust parameters out of five which is far behind the present security goals. Quantum walk technology-based protocols can solve a variety of issues but they can be sufficiently more effective with Blockchain. ...
Article
Internet of Things (IoT) refers to a technology where computing devices are connected and form a network. IoT faces many security and privacy issues due to less computation power, heterogeneity, and limited resources available with its devices. Data is transferred among these devices with little or no human interaction. Data Confidentiality and Integrity are very critical parameters and can be achieved by securely sharing information in IoT scenarios. Managing and maintaining trust in exchanging information over IoT becomes very significant. Recent researches have focused on the applications of Blockchain technology for assuring trust management in IoT networks. Blockchain provides completely distinct and more secure approaches. This survey paper aims to illustrate the significance of integrating Blockchain technology in the IoT environment to ensure trust among IoT devices. Particularly, first we give an overview and security aspects of IoT and Blockchain technologies. Then we trace out some important challenges and issues of trusted IoT with potential solutions by Blockchain. Following this, we highlight some complications in the integration of Blockchain with IoT. Finally, we present a comparative analysis between traditional and Blockchain-based trust management techniques as proof of work to represent the significance of Blockchain in ensuring trust.
... Mendoza and Kleinschmidt [19] offered a model that identified malicious nodes based on the services they chose to provide. At first, all nodes were assigned zero trust value and the process of neighbor discovery was started by sending announcement packets. ...
... Tackles cold start problem, considers the sensitivity of data, better availability, fast response time It is strictly reliant on the specific environment for exchanging the trust parameters. The proposed approach introduces higher communication and processing overhead to build a trust model [19] Distributed trust scheme by observing services of local nodes ...
... In (19), K is an orthogonal basis of H and X is the projection of R onto the space orthogonal to U. ...
Article
Edge computing is a distributed architecture that features decentralized processing of data near the source/devices, where data are being generated. These devices are known as Internet of Things (IoT) devices or edge devices. As we continue to rely on IoT devices, the amount of data generated by the IoT devices have increased significantly due to which it has become infeasible to transfer all the data over to the Cloud for processing. Since these devices contain insufficient storage and processing power, it gives rise to the edge computing paradigm. In edge computing data are processed by edge devices and only the required data are sent to the Cloud to increase robustness and decrease overall network overhead. IoT edge devices are inherently suffering from various security risks and attacks causing a lack of trust between devices. To reduce this malicious behavior, a lightweight trust management model is proposed that maintains the trust of a device and manages the service level trust along with quality of service (QoS). The model calculates the overall trust of the devices by using QoS parameters to evaluate the trust of devices through assigned weights. Trust management models using QoS parameters show improved results that can be helpful in identifying malicious edge nodes in edge computing networks and can be used for industrial purposes.
... In this regard, Mendoza et al proposed a trust model only based on direct trust for a multiservice IoT environment. 12,38 Each node gains its neighborhood via announcement packets received from neighbor nodes and rates its interactions with each of them based on a fixed reward or punishment value. To discourage bad conducts, the punishment for a node when it does not provide a service is twice the reward for properly providing a service. ...
... To conclude, existing trust models use limited strategies to defend against on-off attacks that are inefficient to detect smart, disperse, or nonintense threats. Some of existing works remember bad actions for a longer time or count them twice, 12,[38][39][40]45 which allow them to detect only intense on-off conducts, eg, those with at least half bad to good behavior ratio. Another strategy used consists in scaling down a node's direct trust when its malicious transactions in the current time slot are more than that in the previous one. ...
... To overcome this issue, other trust models perform both trust evaluation and provider selection in a distributed manner. 5,12,14,[38][39][40]42,45 In T-D2D, all functions are executed distributively inside each IoT node, while recommendations are exchanged between different IoT nodes. ...
Article
With the advances in pervasive computing, Internet of things (IoT) has gained considerable attention from both research and industrial communities. While IoT devices are able to provide computational services to other devices via device‐to‐device (D2D) communications, they are not guaranteed to be honest and collaborative. In such a context, the trust model can help to detect malicious service providers. However, malicious nodes may perform trust‐distortion attacks to mislead the trust model. They may perform on‐off attacks to remain undetected or bad‐mouth about others to make it difficult to infer if a contradictory recommendation comes from the on‐off nature of the evaluated node or dishonesty of the recommender. To address these issues, we propose T‐D2D, a lightweight trust model capable to face simultaneous trust‐distortion attacks. T‐D2D evaluates a node's nature using both short‐term and long‐term evaluation intervals to detect different types of on‐off attacks. Moreover, it keeps track of marginal misbehaving over several successive intervals to recognize the nature of suspicious on‐off nodes with light misbehaving attitude. To face bad‐mouthing attackers, T‐D2D limits its dependence on recommendations to when the direct trust is not decisive. Moreover, it evaluates the honesty of a recommender based on the correctness of its recommendations over time. Simulation results prove that T‐D2D exhibits significantly better performance than other counterparts in terms of trust level, correctness of calculated trust, percentage of selected malicious providers, total wasted execution time, and energy consumption in presence of simultaneous trust‐distortion attacks.
... Malicious nodes choose selective attacks to provide a service with less processing requirement. Trust management checks out faults in the system and protects nodes as well as the network connection [45]. Establishing trust among connected devices is the main objective of the trust management scheme and it also finds the malicious behavior of a node. ...
... In IoT, several trust management schemes are proposed, such as centralized trust management [46], decentralized scheme [47], [48], and hybrid schemes [14] which depend on the application choice between both centralized and decentralized schemes [47]. The proposed trust management scheme, known as Distributed Trust Management Scheme (DTMS) [45], is based on a distributed mechanism to provide several different services in the IoT. The trust value of each node is calculated on direct observations, which is zero in the start. ...
... The public key cryptography is adopted which is based on the integer factorization, thus, consumes maximum power. DTMS [45] Performs well to evaluate selective attacks in a trust management model. ...
Article
A vision of the future Internet is introduced in such a fashion that various computing devices are connected together to form a network called Internet of Things (IoT). This network will generate massive data that may be leveraged for entertainment, security, and most importantly user trust. Yet, trust is an imperative obstruction that may hinder the IoT growth and even delay the substantial squeeze of a number of applications. In this survey, an extensive analysis of trust management techniques along with their pros and cons is presented in a different context. In comparison with other surveys, the goal is to provide a systematic description of the most relevant trust management techniques to help researchers understand that how various systems fit together to bring preferred functionalities without examining different standards. Besides, the lessons learned are presented and the views are argued regarding the primary goal trust is likely to play in the future Internet.
... The trust value is based on direct observations, depending on the assistance of services by the collaborative nodes. The TM model was evaluated under On-Off and selective attacks [13,14]. In this work we extend the model presented in [13] and [14] using indirect observations in the computation of trust. ...
... The TM model was evaluated under On-Off and selective attacks [13,14]. In this work we extend the model presented in [13] and [14] using indirect observations in the computation of trust. The novelty of the proposed TM mechanism is to compute the trust of a node locally using direct and indirect information. ...
... In the literature, many trust management systems [5][6][7] have been proposed for wireless networks, such as ad hoc and sensor networks. More recently, some work in trust management has been studied in the context of IoT [8][9][10][11][12][13][14][15][16][17]. In [10], the author discusses some questions about trust in an IoT environment from a human perspective. ...
Article
In the Internet of Things (IoT) heterogeneous devices can cooperate and communicate to provide or require determined services. A multi-service IoT is vulnerable to many types of malicious attacks. A trust management scheme is a strategy to establish trust between devices. In this work we propose a distributed trust management model for IoT using direct and indirect observations. The trust of a node is computed by the service quality and recommendations from neighbors. The nodes locally compute the trust of their neighbors, without the need of a central entity. We implemented the proposed strategy in the Cooja simulator of the Contiki operating system to analyze the performance of the trust model. We performed simulations using different number of malicious nodes performing the bad mouthing attack. Simulation results show the trust management scheme is able to detect malicious nodes in the network.
... In [5], authors discussed on trust management scheme to defend against selective forwarding attack in internet of Things. The trust value of each node was stored in a table. ...
... 3 Selective forwarding attack Hop by Hop in section [36], Adaptive learning mechanism [18], Public key encryption technique [45], Provenance based method [31], Trust management scheme [5] and fuzzy path selection approach [35]. 4 Blackhole attack Trust based mechanism [4], Strained based intrusion detection system [17], Exponential smoothing approach [30], Nodes' behaviour approach [12]. ...
Article
Internet of Things is one of the trending technologies in the contemporary world which allows all the technologies to work together as a single system. The "things" connected in the IoT environment could be anything such as objects, physical/virtual things and human beings. The communication between these connected things should be secured. Otherwise, intruders can misuse the data collected from the IoT environment. So, there is a necessity of providing better routing mechanism for IoT to provide secure communication against various attacks in IoT. Several protocols are used for routing in IoT. IPv6 Routing Protocol for Low Power and Lossy Networks (RPL) is one of the protocols in IoT based system. In this paper, various attacks against RPL protocol are listed out, analyzed and distinguished from each other.
... Trust management scheme is used to check node malicious behavior in the system and protects nodes as well as the network resources [13]. Model identifies node behavior by performing selective attack, and based on node behavior, it decides which types of services to provide in order to conserve resources. ...
... The model is evaluated for four parameters in heterogeneous cloudbased environment. They [13][14][15] did not give sufficient consideration regarding identification of malicious node to reduce physical attacks. Trust as a service framework is proposed [16], which helps in credibility model. ...
... Distributed Trust Management Scheme (DTMS) -The main objectives of major techniques are establishing trust between communicating nodes either devices or humans and detecting malicious behaviour of nodes. In (Mendoza & Kleinschmidt, 2016) author proposed distributed trust management scheme which is based on decentralizing architecture to provide various services in IoT. Trust value calculation is based on direct interactions where initial trust is zero or neutral. ...
Article
In ubiquitous computing environment, nodes communicate in dynamic, heterogeneous and distributed environment. Support for wireless technologies further extends the association between devices to interact with each other. For mobile nodes, many a times associations are volatile in nature. There is always a risk associated with such transactions when there is no experience and trust with each other's reputation. From security perspective, there is requirement of a proper mechanism to build trust and experience so that nodes can interact with each other for safe sharing of their resources. So far, several trust and reputation models have been proposed to secure such communication. However, important factor ubiquity exhibiting mobile nature of node and its impact on trust and experience is not much investigated. In this paper, experience model for ubicomp nodes has been proposed. The novel concept of ubiquity and impact of access network type on trust relationship is presented. This model calculates experience score for a node using ubiquity and other parameters like history, reliability and transitivity. Further, experience model is formulated and evaluated with mathematical approach. Evaluation results show that model effectively calculates experience score of the ubicomp node with respect to parameters considered. This experience model can easily be incorporated with various self-regulating access control systems.
... A distributed trust management scheme (DTMS) [36] is proposed to provide defense against selective attacks. The DTMS focuses on the identification of malicious and compromised nodes. ...
Article
Internet of Things (IoT) is proposed and used in diverse application domains. In IoT, nodes commonly have a low capacity to maintain security on their own expenses, which increases the vulnerability for several attacks. Many approaches have been proposed that are based on the privacy and trust management to reduce these vulnerabilities. Existing approaches neglect the aspects of cross-domain node communications and the significance of cross-domain trust management. In this paper, we propose a Holistic Cross-domain trust management model (HoliTrust) that is based on multilevel central authorities. To provide a multilevel security, the HoliTrust divides domains into communities on the basis of similarities and interests. Every community has its dedicated server to calculate and manage the degree of trust. In addition, these domains also have their dedicated servers to manage their specific domains, to communicate with the trust server, and to sustain trust among other domain servers. The trust server is introduced in the HoliTrust that controls the domains, calculates the domain trust, manages the trust values, and distributes standard trust certificates to domains based on a degree of trust. The trust computation is performed on the basis of direct and indirect trust parameters. Furthermore, if a trustor communicates through the community, then the community server includes community trust of the trustee during the trust evaluation. If the communication of the trustor is across the domain, then the community server includes the domain trust along with the community trust of the trustee comprising direct and indirect observations. The overall trust evaluation of communities and domains is time-driven and the responsible authority computes trust after a specific interval of time. We have also compared the HoliTrust with the existing trust mechanisms by focusing on several holistic trust objectives, such as trust relation and decision, data perception trust, and privacy preservation.
... As future work, we plan to extend our work in terms of (1) dealing with more sophisticated attacks (e.g., [27,[29][30][31]); and (2) developing decentralized or distributed systems allowing the load of trust aggregation to be distributed over individual components of the system for better applicability. ...
Article
In this paper, the notion of a smart service community is proposed to address the grand challenge of a huge number of Internet-of-Things (IoT) devices providing similar services in a smart city environment (e.g., parking, food, healthcare, transportation, and entertainment). We propose that a smart service community be built as a cloud utility accessible via a mobile application installed in user-owned IoT devices, such as smart phones. The cloud utility provides cloud-based interfaces, including registration, service satisfaction reporting, recommender credibility reporting, and service recommendation, with the goal of recommending the best service providers based on a user’s specified service performance criteria. Trust-based service management techniques, utilizing IoT-assisted technology, are developed to automatically measure service ratings and recommender credibility ratings, and compute one-to-one subjective trust scores to allow a user to select the best service providers among all. The feasibility of the proposed approach is demonstrated over contemporary service ranking systems using a smart food service community for which the major performance metric is the service wait time.
Article
The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture not only restricts network access to authenticated IoT devices, but also enforces fine granular policies to secure the flows in the IoT network infrastructure. The authentication is achieved using a lightweight protocol to authenticate IoT devices. Authorization is achieved using a dynamic policy driven approach. Such an integrated security approach involving authentication of IoT devices and enables authorized flows to protect IoT networks from malicious IoT devices and attacks. We have implemented and validated our architecture using ONOS SDN Controller and Raspbian Virtual Machines, and demonstrated how the proposed security mechanisms can counteract malware packet injection, DDoS attacks using Mirai, spoofing/masquerading and Man-in-The-Middle attacks. An analysis of the security and performance of the proposed security mechanisms and their applications is presented in the paper.
Article
Wireless sensor networks (WSNs) are being used to facilitate monitoring of patients in hospital and home environments. These systems consist of a variety of different components/sensors and many processes like clustering, routing, security, and self-organization. Routing is necessary for medical-based WSNs because it allows remote data delivery and it facilitates network scalability in large hospitals. However, routing entails several problems, mainly due to the open nature of wireless networks, and these need to be addressed. This paper looks at two of the problems that arise due to wireless routing between the nodes and access points of a medical WSN (for IoT use): black hole and selective forwarding (SF) attacks. A solution to the former can readily be provided through the use of cryptographic hashes, while the latter makes use of a neighbourhood watch and threshold-based analysis to detect and correct SF attacks. The scheme proposed here is capable of detecting a selective forwarding attack with over 96% accuracy and successfully identifying the malicious node with 83% accuracy.
Article
In this paper, a Per-Hop Acknowledgement (PHACK)-based scheme is proposed for each packet transmission to detect selective forwarding attacks. In our scheme, the sink and each node along the forwarding path generate an acknowledgement (ACK) message for each received packet to confirm the normal packet transmission. The scheme, in which each ACK is returned to the source node along a different routing path, can significantly increase the resilience against attacks because it prevents an attacker from compromising nodes in the return routing path, which can otherwise interrupt the return of nodes’ ACK packets. For this case, the PHACK scheme also has better potential to detect abnormal packet loss and identify suspect nodes as well as better resilience against attacks. Another pivotal issue is the network lifetime of the PHACK scheme, as it generates more acknowledgements than previous ACK-based schemes. We demonstrate that the network lifetime of the PHACK scheme is not lower than that of other ACK-based schemes because the scheme just increases the energy consumption in non-hotspot areas and does not increase the energy consumption in hotspot areas. Moreover, the PHACK scheme greatly simplifies the protocol and is easy to implement. Both theoretical and simulation results are given to demonstrate the effectiveness of the proposed scheme in terms of high detection probability and the ability to identify suspect nodes.
Article
In the Internet of Things (IoT), physical objects are able to provide or require determined services. The purpose of this work is to identify malicious behavior of nodes and prevent possible On-Off attacks to a multiservice IoT. The proposed trust management model uses direct information generated from direct communication with the nodes to evaluate trust between nodes. This distributed approach allows nodes to be completely autonomous in making decisions about the behavior of other nodes. We perform network simulations using Contiki-OS to analyze the performance of the proposed trust model. Simulation results show effectiveness against On-Off attacks and also a good performance to recognize malicious nodes in the network.
Article
Managing trust in a distributed Mobile Ad Hoc Network (MANET) is challenging when collaboration or cooperation is critical to achieving mission and system goals such as reliability, availability, scalability, and reconfigurability. In defining and managing trust in a military MANET, we must consider the interactions between the composite cognitive, social, information and communication networks, and take into account the severe resource constraints (e.g., computing power, energy, bandwidth, time), and dynamics (e.g., topology changes, node mobility, node failure, propagation channel conditions). We seek to combine the notions of "social trust" derived from social networks with "quality-of-service (QoS) trust" derived from information and communication networks to obtain a composite trust metric. We discuss the concepts and properties of trust and derive some unique characteristics of trust in MANETs, drawing upon social notions of trust. We provide a survey of trust management schemes developed for MANETs and discuss generally accepted classifications, potential attacks, performance metrics, and trust metrics in MANETs. Finally, we discuss future research areas on trust management in MANETs based on the concept of social and cognitive networks.
Conference Paper
The Internet of Things (IoT) integrates a large amount of everyday life devices from heterogeneous network environments, bringing a great challenge into security and reliability management. Recognizing that the smart objects in IoT are most likely human-carried or human-operated devices, we propose a scalable trust management protocol for IoT, with the emphasis on social relationships. We consider multiple trust properties including honesty, cooperativeness, and community-interest to account for social interaction. Each node performs trust evaluation towards a limited set of devices of its interest only. The trust management protocol is event-driven upon the occurrence of a social encounter or interaction event, and trust is aggregated using both direct observations and indirect recommendations. We analyze the effect of trust parameters on trust assessment accuracy and trust convergence time. Our results show that there exists a trade-off between trust assessment accuracy vs. trust convergence time in the presence of false recommendations attacks performed by malicious nodes. We demonstrate the effectiveness of the proposed trust management protocol with a trust-based service composition application. Our results indicate that trust-based service composition significantly outperforms non-trust-based (random) service composition and its performance approaches the maximum achievable performance with global knowledge.
Article
Internet of Things (IoT) is going to create a world where physical objects are seamlessly integrated into information networks in order to provide advanced and intelligent services for human-beings. Trust management plays an important role in IoT for reliable data fusion and mining, qualified services with context-awareness, and enhanced user privacy and information security. It helps people overcome perceptions of uncertainty and risk and engages in user acceptance and consumption on IoT services and applications. However, current literature still lacks a comprehensive study on trust management in IoT. In this paper, we investigate the properties of trust, propose objectives of IoT trust management, and provide a survey on the current literature advances towards trustworthy IoT. Furthermore, we discuss unsolved issues, specify research challenges and indicate future research trends by proposing a research model for holistic trust management in IoT.
Article
This work proposes a new trust management system (TMS) for the Internet of Things (IoT). The wide majority of these systems are today bound to the assessment of trustworthiness with respect to a single function. As such, they cannot use past experiences related to other functions. Even those that support multiple functions hide this heterogeneity by regrouping all past experiences into a single metric. These restrictions are detrimental to the adaptation of TMSs to today's emerging M2M and IoT architectures, which are characterized with heterogeneity in nodes, capabilities and services. To overcome these limitations, we design a context-aware and multi-service trust management system fitting the new requirements of the IoT. Simulation results show the good performance of the proposed system and especially highlight its ability to deter a class of common attacks designed to target trust management systems.
Article
In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.
Article
The term “Internet-of-Things” is used as an umbrella keyword for covering various aspects related to the extension of the Internet and the Web into the physical realm, by means of the widespread deployment of spatially distributed devices with embedded identification, sensing and/or actuation capabilities. Internet-of-Things envisions a future in which digital and physical entities can be linked, by means of appropriate information and communication technologies, to enable a whole new class of applications and services. In this article, we present a survey of technologies, applications and research challenges for Internet-of-Things.